Maintenance mode is always something you are facing during System Center setups. Let’s say you have a SCCM administrator who want’s to deploy it’s Windows updates on a certain day e.g. Tuesday @ 08.00 p.m. o’clock, and he also decides to reboot each server forcefully after successful deployment. Because we (SCOM administrators) have to find a reliable way to put server objects in maintenance mode depending on the SCCM collection which will trigger the reboot of the servers.
I decided to write a script which will be triggered by a basic task on a management server and put all server in the concerning SCCM collection in maintenance mode.
I use a WMI connection to the SCCM server to retrieve the server objects in the collection. Maybe there is a better way to do it, let me know. Because of that I created a service account which will execute the scheduled basic task and therefore the script.
The triggering service account needs the following permission in SCCM to successfully connect to the SCCM collection WMI namespace.
In SCCM 2012 console go to “Administrative Users”…
…and assign the “Read-only Analyst” permission to the service account
In addition to that I assigned “Operations Manager Administrators” permission to the same service account.
Now you should be able to run the script successfully.
Script:
#Define the SCCM and SCOM server
$SCCMServer=”SCCM.domain.com”
$SCOMServer=”SCOM.domain.com”
#Define the SCCM collection
$CollectionName=’UPD – Server Patching Tuesday’
#Define the SCCM site name e.g. site_02
$SCCMWMINameSpace=”root\sms\site_s02″
#Define how many minutes the maintenance mode should run e.g.10 minutes
$Time = ((Get-Date).AddMinutes(10))
#Here you just deliver the comment and reason for the maintenance mode
$Comment = “Software Updates”
$Reason = “SecurityIssue”
#Valid inputs for $Reason: #PlannedOther,UnplannedOther,PlannedHardwareMaintenance,UnplannedHardwareMaintenance #PlannedHardwareInstallation,UnplannedHardwareInstallation,PlannedOperatingSystemReconfiguration #UnplannedOperatingSystemReconfiguration,PlannedApplicationMaintenance,ApplicationInstallation #ApplicationUnresponsive,ApplicationUnstable,SecurityIssue,LossOfNetworkConnectivity
#Import the Operations Manager module
Import-Module OperationsManager
#Get the objects from the SCCM collection using WMI
$Collection = Get-WmiObject -Namespace $SCCMWMINameSpace -ComputerName $SCCMServer -Query “Select * from SMS_Collection where name=’$CollectionName'”
$Collection.Get()
#Loop through each object in the collection
ForEach ( $CompInCol in $Collection.CollectionRules ) {
#Here we get the computer name out of the collection using the RuleName property
$Object= $CompInCol.RuleName
#Get instance of the computer object in SCOM
$ComputerClass = Get-SCOMClass -name:Microsoft.Windows.Computer
$ComputerInstance = Get-ScomClassinstance -Class:$ComputerClass | where {$_.Displayname -like “*$Object*”}
#Check if there is a valid instance in SCOM, it could be that the computer does exist in SCCM but is not monitored with SCOM
If ($ComputerInstance.Name -ne $null) {
#For the SCOM computer instance get the appropriate health service watcher
$HealthServiceClass = Get-SCOMClass -name:Microsoft.SystemCenter.HealthService
$HealthServiceWatcherClass = Get-SCOMClass -name:Microsoft.SystemCenter.HealthServiceWatcher
$HealthServiceWatcher = Get-SCOMClassInstance -Class:$HealthServiceWatcherClass | where{$_.Displayname -like “*$Object*”}
#Retrieve the appropriate health service
$Agent = Get-SCOMAgent | where {$_.Displayname -like “*$Object*”}
$HealthService = $Agent.HostedHealthService
#Start each maintenance mode for the health service watcher, health service and the computer instance
Start-SCOMMaintenanceMode -Instance $HealthServiceWatcher -EndTime $Time -Reason $Reason -Comment $comment
Start-SCOMMaintenanceMode -Instance $HealthService -EndTime $Time -Reason $Reason -Comment $comment
Start-SCOMMaintenanceMode -Instance $ComputerInstance -EndTime $Time -Reason $Reason -Comment $comment
}
}
I like 
…
Hi,
do you have a script for putting servers (windows and linux) in maintenance mode by there servername and from users withour rights on scom -> a script to put servers remote to maintenance mode from every workstation in the company? Hope you can help.
Thanks and greetings
Hi Doreen
No not yet, but I think there are many samples on the internet. If not I consider writing one 🙂
Regards,
Stefan
Hi Stefan,
we have already wrote a script but there is the problem that the user who want to run the script from a client needs administrative rights on scom server. So we have to insert scom action account with password into the ps script (not a smart solution). I looked around for another solution but find nothing 🙁
Regards
Doreen
Hi Doreen
Why don’t you use Get-Credential http://technet.microsoft.com/en-us/library/hh849815.aspx this way the user gets a prompt where he/she can enter the appropriate credentials.
Just an idea…
Stefan
Nice function but it’s not what I’m searching for. The users cannot prompt their credentials because they have no right on the scom server for using remote powershell and the username + password for administrative scom user does not everybody know (otherwise I could wirte it into the script…).
Hi Scomfaq,
This looks like it will be really useful when we integrate our SCCM 2012 infrastructure with patching. We are currently using WSUS and as such I am having some issues amending the syntax from the previous version. My powershell skills are advancing although not the degree that I’d like. I like how you put HealthService, HealthServiceWatcher and ComputerNode all into MM. Are you able to create a command, a little like those described here, http://operatingquadrant.com/2009/08/15/scom-automatically-starting-maintenance-mode-when-servers-are-rebooted-for-patching/ to put all these objects into MM for a configurable period after a 1074 event is fired on the client?
Thanks in advance,
Andrew
Hi Andrew
As I understand you want to put a client into MM when an event 1074 in the event log appears. Well of course this is possible. Maybe a good idea for a blog post. You may want to look at this script here http://theitcrownd.blogspot.ch/2012/01/set-up-automatatic-scom-maintenance.html . You just Need to adapt it for SCOM 2012, which should not be that hard :).
Cheers,
Stefan
Stefan,
Nice post. May use some of this logic to exclude systems from SCCM deployments (patching, apps, etc.) if they are in MM in SCOM to improve success % when targeting servers.
Doreen,
Write a webservice as a proxy between SCOM and the user to handle the request without the need of elevated rights. PowerShell can interact with webservices easily as a front-end to interact with the webservice to put systems in MM.
-Stephen (‘Merica)
Hi Stephen,
Sure 🙂
Cheers,
Stefan